From: Kaustubh N. <kau...@ea...> - 2012-01-06 15:47:24
I am not able to log in using the LDAP account I have created. I have done the following till date:

1. created user account in the LDAP server using LAM
2. changed the /db/system/security/config.xml to incorporate <realm id="LDAP">....</realm>
3. changed the exist/bin/functions.d/eXist-settings.sh to add '-Dsecurity.ldap.connection.url=ldap://127.0.0.1:389/-Dsecurity.ldap.dn.user=ou=Users,dc=exist-db,dc=org -Dsecurity.ldap.dn.group=ou=Groups,dc=exist-db,dc=org" ' to JAVA_OPTIONS

Do you think I have missed a step? In the <realm>....</realm> node, there is a default username and a default password. When does that come into the picture? Or rather, how can I log in using these credentials?

Thanks,
Kaustubh

On Thu, Jan 5, 2012 at 2:37 PM, Kaustubh Nagraj <kau...@ea...> wrote:

> Yes, I still have a problem logging in. I get an error saying user was not
> found. I have already created the user from LAM.
>
> On Thu, Jan 5, 2012 at 1:55 PM, Dmitriy Shabanov <sha...@gm...> wrote:
>
>> On Thu, Jan 5, 2012 at 10:01 PM, Kaustubh Nagraj <kau...@ea...> wrote:
>>
>>> Hi,
>>>
>>> Thanks again for your prompt action. The log now clearly tells me that
>>> it could not find the user account.
>>>
>>> 2012-01-05 16:47:49,505 [eXistThread-27] DEBUG (NativeSerializer.java [serializeToReceiver]:107) - serializing document 1 (/db/system/security/config.xml) to SAX took 4 msec
>>> 2012-01-05 16:48:52,390 [eXistThread-27] DEBUG (LdapContextFactory.java [getLdapContext]:129) - Initializing LDAP context using URL [ldap://127.0.0.1:389/ou=Users,dc=exist-db,dc=org?uid?sub?(objectclass=posixAccount)] and username [uid=abc,ou=Users,dc=exist-db,dc=org] with pooling [enabled]
>>> 2012-01-05 16:48:52,415 [eXistThread-27] DEBUG (LdapContextFactory.java [getLdapContext]:129) - Initializing LDAP context using URL [ldap://127.0.0.1:389/ou=Users,dc=exist-db,dc=org?uid?sub?(objectclass=posixAccount)] and username [user] with pooling [enabled]
>>> 2012-01-05 16:48:52,423 [eXistThread-27] ERROR (LDAPRealm.java [getAccount]:472) - org.exist.security.AuthenticationException: [LDAP: error code 34 - invalid DN]
>>> 2012-01-05 16:48:52,423 [eXistThread-27] DEBUG (SecurityManagerImpl.java [authenticate]:419) - Account 'uid=abc,ou=Users,dc=exist-db,dc=org' not found, throw error
>>> 2012-01-05 16:48:52,423 [eXistThread-27] DEBUG (XmldbRequestProcessorFactory.java [authenticate]:90) - User [uid=abc,ou=Users,dc=exist-db,dc=org] not found
>>>
>>> Do I need to create new user accounts in the
>>> /db/system/security/LDAP/accounts manually?
>>
>> No, it will be created after first authentication or search.
>>
>>> Since I have already:
>>>
>>> 1. created user account in the LDAP server using LAM
>>> 2. changed the /db/system/security/config.xml to incorporate <realm id="LDAP">....</realm>
>>> 3. changed the exist/bin/functions.d/eXist-settings.sh to add '-Dsecurity.ldap.connection.url=ldap://127.0.0.1:389/-Dsecurity.ldap.dn.user=ou=Users,dc=exist-db,dc=org -Dsecurity.ldap.dn.group=ou=Groups,dc=exist-db,dc=org" ' to JAVA_OPTIONS
>>
>> You don't need the 3rd step.
>>
>>> Do I need to do something else to ensure that exist finds the user
>>> account created using LDAP account manager?
>>
>> Are you still unable to log in with the LDAP account?
>>
>> --
>> Dmitriy Shabanov